formbook | 3276e7ff57ccbea104651066c1d45301d52fbfce23d0d48f5238d82a51abd852 | Triage

Sharing

General

Target

Urgent Request For Quotation.exe
Size

661KB
Sample

221205-3c4wwsgc25
MD5

652477b1b34d67d811ec3498bd029a8b
SHA1

cf6f49e4580367bacdc8b0ad2c7d156456c5ea82
SHA256

3276e7ff57ccbea104651066c1d45301d52fbfce23d0d48f5238d82a51abd852
SHA512

f1c67ff884ab0a060b3b39a2eacdbdd812359094571f9bb28078d3abc20f603e04b1b8686efeba181f55a15a23a220c67c6adb2ae151e0bb467bef7119c388a3
SSDEEP

12288:uPuYd+V6b1momPZefIqohbyyGEKGC5TxK4/1xm7tHyJg38i4ePqLPuYd+V6b:uPuYd+V6bIomxiJoKnzxO7d38ijqLPuI

Score

10^/10

formbook snky rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

snky

Decoy

AiMFvkl6+A4HEgZ99q5x4naN7lGmvJo=

tvj/KUTKeKgxszIemQ==

DTrTokBrjB5leF4=

tPeTOuIjJPtH

taxtMdIygEdpskxzOQ2ZjoAEeA==

CxLuaKAFRrJyuIqQUPbhZw==

Tn4fapT5kPmk1H0gpXQ=

h5p8hDqGSiRzdSbV

i3lg8tbRNRU6jC9pQSOxzHYZgpbnOKBx

EwbfBo6m+UXU2qaVUPbhZw==

WpeenFSMquJ3xXD1/b43

niV5qTFu3tfmcgrI

fqyyyElbdxWswJ7A

Lh7o92ZOr4ghbwvK

Y2RYMDue4x+KszIemQ==

lN3Y3z5AS85eah1MDvfFQQA=

uq+Oqh8MNRxHOOkqA9lqYEZZhJU=

FEtGDeGnnRoSQEM=

TkMlruotvsmtpFwg6shr03LjwMWGow==

7PGx8hNMep8EMj5Q39dsq16IbbaIrA==

Targets

- Target
  
  Urgent Request For Quotation.exe
- Size
  
  661KB
- MD5
  
  652477b1b34d67d811ec3498bd029a8b
- SHA1
  
  cf6f49e4580367bacdc8b0ad2c7d156456c5ea82
- SHA256
  
  3276e7ff57ccbea104651066c1d45301d52fbfce23d0d48f5238d82a51abd852
- SHA512
  
  f1c67ff884ab0a060b3b39a2eacdbdd812359094571f9bb28078d3abc20f603e04b1b8686efeba181f55a15a23a220c67c6adb2ae151e0bb467bef7119c388a3
- SSDEEP
  
  12288:uPuYd+V6b1momPZefIqohbyyGEKGC5TxK4/1xm7tHyJg38i4ePqLPuYd+V6b:uPuYd+V6bIomxiJoKnzxO7d38ijqLPuI
Score

10^/10

formbook snky rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooksnkyratspywarestealertrojan

behavioral2

formbooksnkyratspywarestealertrojan